Developer Compliance Copilot
API Documentation
Integrate AI compliance checking directly into your development workflow. Analyze systems, monitor compliance status, and receive actionable recommendations through our REST API.
Getting Started
Get up and running with the Arcus Copilot API in minutes. Follow these steps to start analyzing your AI systems for regulatory compliance.
Compliance Analysis
Analyze AI systems against global regulations including EU AI Act, Colorado SB 205, and more.
Real-time Status
Monitor compliance status, readiness scores, and active alerts for registered AI systems.
SDK Support
Python and TypeScript SDK stubs for quick integration into your CI/CD pipelines.
1
Generate an API Key
Navigate to Settings → API Keys in your Arcus dashboard. Create a new key with at least read permission. Your key will look like arc_xxxxxxxxxxxx.
2
Make Your First Request
Use the API key as a Bearer token in the Authorization header. Try the compliance check endpoint:
cURL
curl -X POST https://app.arcus-ai.app/api/copilot/check \
-H "Authorization: Bearer arc_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"system_description": "An AI hiring tool that screens resumes",
"use_case": "hiring",
"deployment_regions": ["eu", "us_colorado"]
}'3
Review the Response
The API returns a risk level, applicable jurisdictions, key obligations, and actionable recommendations. Use these to inform your compliance strategy.
Authentication
All API endpoints require authentication via API key. Your key is linked to your organization and determines rate limits based on your subscription plan.
API keys are organization-scoped. All requests are authenticated and rate-limited at the organization level. Generate keys at Settings → API Keys.
Authorization Header
Include your API key in the Authorization header using the Bearer scheme:
HTTP Header
Authorization: Bearer arc_your_api_key_hereKey Permissions
Your API key must have at least read permission to access copilot endpoints. Keys with insufficient permissions will receive a 403 Forbidden response.
| Permission | Access | Description |
|---|---|---|
read | Required | Access compliance check and system status endpoints |
write | Optional | May be required for future mutation endpoints |
Keep your API key secure. Never commit keys to source control or expose them in client-side code. Use environment variables or a secrets manager.
Endpoints
The Copilot API provides two endpoints: one for analyzing AI systems and another for checking compliance status of registered systems.
POST/api/copilot/check
Analyze an AI system description against the regulation database. Powered by Claude Opus to identify risk levels, applicable jurisdictions, key obligations, and actionable recommendations.
Request Body
| Parameter | Type | Description |
|---|---|---|
| system_descriptionRequired | string | Detailed description of the AI system to analyze. Max 5,000 characters. |
| use_caseOptional | string | Use case category: hiring, credit, healthcare, content, surveillance, etc. |
| data_typesOptional | string[] | Types of data processed: personal_data, biometric, financial, health, etc. |
| deployment_regionsOptional | string[] | Deployment regions: eu, us_colorado, us_california, uk, au, cn, kr, etc. |
| affected_individualsOptional | string | Description of individuals affected by the AI system. |
| risk_categoryOptional | string | Suggested risk category if already known by the developer. |
Response (200)
Response
{
"success": true,
"data": {
"risk_level": "high",
"confidence": 0.92,
"applicable_jurisdictions": [
{
"jurisdiction_key": "eu_ai_act",
"jurisdiction_name": "EU AI Act",
"risk_classification": "high_risk",
"applicable": true,
"reason": "Employment-related AI system under Annex III"
}
],
"key_obligations": [
{
"title": "Conformity Assessment",
"description": "High-risk AI system requires conformity assessment",
"jurisdiction": "EU AI Act",
"priority": "critical",
"legal_reference": "Article 43",
"deadline_info": "Before placing on market"
}
],
"recommendations": [
{
"title": "Implement Human Oversight",
"description": "Ensure human can override AI decisions",
"urgency": "immediate",
"estimated_effort": "2-4 weeks"
}
],
"summary": "This AI hiring tool is classified as high-risk..."
},
"meta": {
"model_used": "claude-opus-4-6",
"analysis_time_ms": 3450,
"input_tokens": 1200,
"output_tokens": 800
}
}GET/api/copilot/systems/{systemId}/status
Returns the current compliance status for a registered AI system, including readiness scores, obligation summaries, risk assessments, active alerts, and watchtower monitoring data.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| systemIdRequired | uuid | UUID of the registered AI system. |
Response (200)
Response
{
"success": true,
"data": {
"system": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Resume Screening AI",
"description": "AI-powered resume screening tool",
"deployment_status": "production",
"jurisdiction_flags": ["eu_ai_act", "us_colorado"],
"status": "active",
"created_at": "2026-01-15T10:30:00Z",
"updated_at": "2026-03-01T14:22:00Z"
},
"compliance": {
"overall_score": 73,
"jurisdiction_scores": [
{
"jurisdiction_key": "eu_ai_act",
"score": 68,
"component_scores": {
"obligations": 0.75,
"documentation": 0.65
},
"computed_at": "2026-03-09T00:00:00Z"
}
],
"obligation_summary": {
"total": 24,
"met": 18,
"unmet": 3,
"in_progress": 3
}
},
"risk_assessment": {
"latest_classification": "high",
"confidence_score": 0.89,
"assessed_at": "2026-02-28T16:45:00Z"
},
"alerts": {
"total_open": 2,
"by_severity": { "high": 1, "medium": 1 }
},
"watchtower": {
"active_alerts": 1,
"threshold_violations": 0
}
},
"meta": {
"response_time_ms": 145
}
}Interactive API Explorer
Test the API directly from this page using your API key. Responses are live and will count against your rate limit.
Live requests. The explorer sends real API requests. The compliance check endpoint uses AI analysis and will count toward your daily rate limit.
API Explorer
// Response will appear here after sending a request
Rate Limiting
API rate limits are enforced per organization based on your subscription plan. Limits reset daily at midnight UTC.
| Plan | Daily Limit | Reset |
|---|---|---|
| Free Trial | 10 requests/day | Midnight UTC |
| Starter | 100 requests/day | Midnight UTC |
| Professional | 1,000 requests/day | Midnight UTC |
| Business | Unlimited | N/A |
Rate Limit Headers
Every API response includes rate limit headers so you can monitor your usage:
| Header | Type | Description |
|---|---|---|
| X-RateLimit-Limit | string | Your daily request limit, or "unlimited" for Business plan. |
| X-RateLimit-Remaining | string | Number of remaining requests today. |
| X-RateLimit-Reset | datetime | ISO 8601 timestamp when the rate limit window resets. |
When the rate limit is exceeded, the API returns a
429 Too Many Requests response with the reset time included in both the response body and headers.Error Codes
All error responses follow a consistent format with a machine-readable code and human-readable message. Use the code field for programmatic error handling.
Error Response Format
{
"success": false,
"error": {
"code": "ERROR_CODE",
"message": "Human-readable description"
}
}400VALIDATION_ERROR
400INVALID_JSON
401MISSING_AUTH
401INVALID_AUTH_FORMAT
401INVALID_API_KEY
403INSUFFICIENT_PERMISSIONS
404NOT_FOUND
429RATE_LIMIT_EXCEEDED
500INTERNAL_ERROR
SDK Stubs
Use our lightweight SDK stubs to integrate the Copilot API into your applications. Available for Python and TypeScript.
Python 3.10+ — Install the SDK stub via pip and start making requests in seconds.
Installation
Terminal
pip install arcus-copilotQuick Usage
Python
from arcus_copilot import CopilotClient
client = CopilotClient(api_key="arc_your_api_key")
# Analyze an AI system for compliance
result = client.check(
system_description="An AI hiring tool that screens resumes",
use_case="hiring",
data_types=["personal_data", "employment_history"],
deployment_regions=["eu", "us_colorado"],
)
print(f"Risk Level: {result.risk_level}")
print(f"Confidence: {result.confidence}")
for obligation in result.key_obligations:
print(f" [{obligation.priority}] {obligation.title}")
# Get compliance status for a registered system
status = client.get_system_status("550e8400-e29b-41d4-a716-446655440000")
print(f"Overall Score: {status.compliance.overall_score}")
print(f"Open Alerts: {status.alerts.total_open}")Full SDK Source
arcus_copilot/client.py
"""
Arcus Developer Compliance Copilot - Python SDK Stub
"""
import requests
from dataclasses import dataclass, field
from typing import Optional
@dataclass
class Jurisdiction:
jurisdiction_key: str
jurisdiction_name: str
risk_classification: str
applicable: bool
reason: str
@dataclass
class Obligation:
title: str
description: str
jurisdiction: str
priority: str
legal_reference: str
deadline_info: Optional[str] = None
@dataclass
class Recommendation:
title: str
description: str
urgency: str
estimated_effort: str
@dataclass
class CheckMeta:
model_used: str
analysis_time_ms: int
input_tokens: int
output_tokens: int
@dataclass
class CheckResult:
risk_level: str
confidence: float
applicable_jurisdictions: list[Jurisdiction]
key_obligations: list[Obligation]
recommendations: list[Recommendation]
summary: str
meta: Optional[CheckMeta] = None
@dataclass
class ObligationSummary:
total: int
met: int
unmet: int
in_progress: int
@dataclass
class JurisdictionScore:
jurisdiction_key: str
score: float
component_scores: Optional[dict] = None
computed_at: Optional[str] = None
@dataclass
class Compliance:
overall_score: Optional[float]
jurisdiction_scores: list[JurisdictionScore]
obligation_summary: ObligationSummary
@dataclass
class RiskAssessment:
latest_classification: Optional[str]
confidence_score: Optional[float]
assessed_at: Optional[str]
@dataclass
class Alerts:
total_open: int
by_severity: dict
@dataclass
class Watchtower:
active_alerts: int
threshold_violations: int
@dataclass
class SystemInfo:
id: str
name: str
description: Optional[str]
purpose: Optional[str]
deployment_status: Optional[str]
jurisdiction_flags: list[str]
status: Optional[str]
created_at: str
updated_at: str
@dataclass
class SystemStatus:
system: SystemInfo
compliance: Compliance
risk_assessment: RiskAssessment
alerts: Alerts
watchtower: Watchtower
class CopilotError(Exception):
def __init__(self, code: str, message: str, status_code: int):
super().__init__(message)
self.code = code
self.status_code = status_code
class CopilotClient:
def __init__(
self,
api_key: str,
base_url: str = "https://app.arcus-ai.app",
timeout: int = 60,
):
self._api_key = api_key
self._base_url = base_url.rstrip("/")
self._timeout = timeout
self._session = requests.Session()
self._session.headers.update(
{
"Authorization": f"Bearer {api_key}",
"Content-Type": "application/json",
}
)
def check(
self,
system_description: str,
use_case: Optional[str] = None,
data_types: Optional[list[str]] = None,
deployment_regions: Optional[list[str]] = None,
affected_individuals: Optional[str] = None,
risk_category: Optional[str] = None,
) -> CheckResult:
payload = {"system_description": system_description}
if use_case:
payload["use_case"] = use_case
if data_types:
payload["data_types"] = data_types
if deployment_regions:
payload["deployment_regions"] = deployment_regions
if affected_individuals:
payload["affected_individuals"] = affected_individuals
if risk_category:
payload["risk_category"] = risk_category
response = self._session.post(
f"{self._base_url}/api/copilot/check",
json=payload,
timeout=self._timeout,
)
data = response.json()
if not data.get("success"):
err = data.get("error", {})
raise CopilotError(
code=err.get("code", "UNKNOWN"),
message=err.get("message", "Unknown error"),
status_code=response.status_code,
)
result_data = data["data"]
return CheckResult(
risk_level=result_data["risk_level"],
confidence=result_data["confidence"],
applicable_jurisdictions=[
Jurisdiction(**j)
for j in result_data.get("applicable_jurisdictions", [])
],
key_obligations=[
Obligation(**o) for o in result_data.get("key_obligations", [])
],
recommendations=[
Recommendation(**r)
for r in result_data.get("recommendations", [])
],
summary=result_data.get("summary", ""),
meta=CheckMeta(**data["meta"]) if "meta" in data else None,
)
def get_system_status(self, system_id: str) -> SystemStatus:
response = self._session.get(
f"{self._base_url}/api/copilot/systems/{system_id}/status",
timeout=self._timeout,
)
data = response.json()
if not data.get("success"):
err = data.get("error", {})
raise CopilotError(
code=err.get("code", "UNKNOWN"),
message=err.get("message", "Unknown error"),
status_code=response.status_code,
)
d = data["data"]
return SystemStatus(
system=SystemInfo(**d["system"]),
compliance=Compliance(
overall_score=d["compliance"]["overall_score"],
jurisdiction_scores=[
JurisdictionScore(**s)
for s in d["compliance"]["jurisdiction_scores"]
],
obligation_summary=ObligationSummary(
**d["compliance"]["obligation_summary"]
),
),
risk_assessment=RiskAssessment(**d["risk_assessment"]),
alerts=Alerts(**d["alerts"]),
watchtower=Watchtower(**d["watchtower"]),
)
@property
def rate_limit_info(self) -> dict:
return {
"limit": self._session.headers.get("X-RateLimit-Limit"),
"remaining": self._session.headers.get("X-RateLimit-Remaining"),
"reset": self._session.headers.get("X-RateLimit-Reset"),
}